Prepare 3.2.4 release

CHANGES.txt

@@ -1,3 +1,13 @@
+3.2.4 (2017-07-24)
+------------------
+
+- Backported from Supervisor 3.3.3:  Fixed CVE-2017-11610.  A vulnerability
+  was found where an authenticated client can send a malicious XML-RPC request
+  to ``supervisord`` that will run arbitrary shell commands on the server.
+  The commands will be run as the same user as ``supervisord``.  Depending on
+  how ``supervisord`` has been configured, this may be root.  See
+  https://github.com/Supervisor/supervisor/issues/964 for details.
+
 3.2.3 (2016-03-19)
 ------------------
 
@@ -85,6 +95,16 @@
   disconnect if many other ``supervisorctl`` commands were run in parallel.
   Patch by Stefan Friesel.
 
+3.1.4 (2017-07-24)
+------------------
+
+- Backported from Supervisor 3.3.3:  Fixed CVE-2017-11610.  A vulnerability
+  was found where an authenticated client can send a malicious XML-RPC request
+  to ``supervisord`` that will run arbitrary shell commands on the server.
+  The commands will be run as the same user as ``supervisord``.  Depending on
+  how ``supervisord`` has been configured, this may be root.  See
+  https://github.com/Supervisor/supervisor/issues/964 for details.
+
 3.1.3 (2014-10-28)
 ------------------
 
@@ -181,6 +201,16 @@
 - A warning is now logged if a glob pattern in an ``[include]`` section does
   not match any files.  Patch by Daniel Hahler.
 
+3.0.1 (2017-07-24)
+------------------
+
+- Backported from Supervisor 3.3.3:  Fixed CVE-2017-11610.  A vulnerability
+  was found where an authenticated client can send a malicious XML-RPC request
+  to ``supervisord`` that will run arbitrary shell commands on the server.
+  The commands will be run as the same user as ``supervisord``.  Depending on
+  how ``supervisord`` has been configured, this may be root.  See
+  https://github.com/Supervisor/supervisor/issues/964 for details.
+
 3.0 (2013-07-30)
 ----------------
 

supervisor/version.txt

@@ -1 +1 @@
-3.2.3
+3.2.4